From c567c06a06331ed82d1ab367a5e54322ce46ebcf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miroslav=20Such=C3=BD?=
Date: Wed, 24 Sep 2014 13:44:46 +0000
Subject: [PATCH] move compute rules to roles
---
.../fed-cloud10.cloud.fedoraproject.org.yml | 106 +----------------
roles/cloud_compute/tasks/main.yml | 107 ++++++++++++++++++
2 files changed, 108 insertions(+), 105 deletions(-)
create mode 100644 roles/cloud_compute/tasks/main.yml
diff --git a/playbooks/hosts/fed-cloud10.cloud.fedoraproject.org.yml b/playbooks/hosts/fed-cloud10.cloud.fedoraproject.org.yml
index 8392dc8887..79ba01002b 100644
--- a/playbooks/hosts/fed-cloud10.cloud.fedoraproject.org.yml
+++ b/playbooks/hosts/fed-cloud10.cloud.fedoraproject.org.yml
@@ -21,117 +21,13 @@ - fas_client - collectd/base - sudo + - cloud_compute tasks: - include: "{{ tasks }}/yumrepos.yml" - include: "{{ tasks }}/2fa_client.yml" - include: "{{ tasks }}/motd.yml" - - authorized_key: user=root key="{{ lookup('file', files + '/fedora-cloud/fed09-ssh-key.pub') }}" - - - lineinfile: dest=/etc/sysconfig/network-scripts/ifcfg-eth1 regexp="^ONBOOT=" line="ONBOOT=yes" - notify: - - restart network - - lineinfile: dest=/etc/sysconfig/network-scripts/ifcfg-eth1 regexp="^NETMASK=" line="NETMASK=255.255.255.0" - notify: - - restart network - - lineinfile: dest=/etc/sysconfig/network-scripts/ifcfg-eth1 regexp="^IPADDR=" line="IPADDR={{compute_private_ip}}" - notify: - - restart network - - lineinfile: dest=/etc/sysconfig/network-scripts/ifcfg-eth1 regexp="BOOTPROTO=" line="BOOTPROTO=none" - notify: - - restart network - - - yum: state=present name=http://rdo.fedorapeople.org/rdo-release.rpm - - # http://docs.openstack.org/icehouse/install-guide/install/yum/content/nova-compute.html - - name: install the Compute packages necessary for the controller node. 
- action: yum state=present pkg={{ item }} - with_items: - - openstack-nova-compute - - python-novaclient - - openstack-utils - - name: Set up db connection to controller - action: command openstack-config --set /etc/nova/nova.conf database connection mysql://nova:{{NOVA_DBPASS}}@{{controller_private_ip}}/nova - - command: openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone - - command: openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_uri http://{{controller_private_ip}}:5000 - - command: openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_host {{controller_private_ip}} - - command: openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_protocol http - - command: openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_port 35357 - - command: openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_user nova - - command: openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_tenant_name service - - command: openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_password {{NOVA_PASS}} - - - command: openstack-config --set /etc/nova/nova.conf DEFAULT rpc_backend qpid - - command: openstack-config --set /etc/nova/nova.conf DEFAULT qpid_hostname {{controller_private_ip}} - - - command: openstack-config --set /etc/nova/nova.conf DEFAULT my_ip {{compute_private_ip}} - - command: openstack-config --set /etc/nova/nova.conf DEFAULT vnc_enabled True - - command: openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_listen 0.0.0.0 - - command: openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_proxyclient_address {{compute_private_ip}} - - command: openstack-config --set /etc/nova/nova.conf DEFAULT novncproxy_base_url http://{{controller_private_ip}}:6080/vnc_auto.html - - - command: openstack-config --set /etc/nova/nova.conf DEFAULT glance_host {{controller_private_ip}} - - - service: name=libvirtd state=started enabled=yes - - service: 
name=messagebus state=started enabled=yes - - service: name=openstack-nova-compute state=started enabled=yes - - # http://docs.openstack.org/icehouse/install-guide/install/yum/content/neutron-ml2-compute-node.html - - sysctl: name=net.ipv4.conf.all.rp_filter value=0 state=present sysctl_set=yes reload=yes - - sysctl: name=net.ipv4.conf.default.rp_filter value=0 state=present sysctl_set=yes reload=yes - - - name: install the Networking components - action: yum state=present pkg={{ item }} - with_items: - - openstack-neutron-ml2 - - openstack-neutron-openvswitch - - - command: openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone - - command: openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_uri http://{{controller_private_ip}}:5000 - - command: openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_host {{controller_private_ip}} - - command: openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_protocol http - - command: openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_port 35357 - - command: openstack-config --set /etc/neutron/neutron.conf keystone_authtoken admin_user neutron - - command: openstack-config --set /etc/neutron/neutron.conf keystone_authtoken admin_tenant_name service - - command: openstack-config --set /etc/neutron/neutron.conf keystone_authtoken admin_password {{NEUTRON_PASS}} - - - command: openstack-config --set /etc/neutron/neutron.conf DEFAULT rpc_backend neutron.openstack.common.rpc.impl_qpid - - command: openstack-config --set /etc/neutron/neutron.conf DEFAULT qpid_hostname {{controller_private_ip}} - - # uncomment if you want to debug compute instance - #- command: openstack-config --set /etc/neutron/neutron.conf DEFAULT verbose True - - command: openstack-config --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2 - - command: openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins router - - - command: 
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers local,flat,gre - - command: openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types gre - - command: openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers openvswitch - - command: openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_gre tunnel_id_ranges 1:1000 - - command: openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs local_ip {{compute_private_ip}} - - command: openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs tunnel_type gre - - command: openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs enable_tunneling True - - command: openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver - - command: openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_security_group True - - - service: name=openvswitch state=started enabled=yes - - command: ovs-vsctl --may-exist add-br br-int - - - command: openstack-config --set /etc/nova/nova.conf DEFAULT network_api_class nova.network.neutronv2.api.API - - command: openstack-config --set /etc/nova/nova.conf DEFAULT neutron_url http://{{controller_private_ip}}:9696 - - command: openstack-config --set /etc/nova/nova.conf DEFAULT neutron_auth_strategy keystone - - command: openstack-config --set /etc/nova/nova.conf DEFAULT neutron_admin_tenant_name service - - command: openstack-config --set /etc/nova/nova.conf DEFAULT neutron_admin_username neutron - - command: openstack-config --set /etc/nova/nova.conf DEFAULT neutron_admin_password {{NEUTRON_PASS}} - - command: openstack-config --set /etc/nova/nova.conf DEFAULT neutron_admin_auth_url http://{{controller_private_ip}}:35357/v2.0 - - command: openstack-config --set /etc/nova/nova.conf DEFAULT linuxnet_interface_driver 
nova.network.linux_net.LinuxOVSInterfaceDriver - - command: openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver - - command: openstack-config --set /etc/nova/nova.conf DEFAULT security_group_api neutron - - - file: src=/etc/neutron/plugins/ml2/ml2_conf.ini dest=/etc/neutron/plugin.ini state=link - - - service: name=neutron-openvswitch-agent state=started enabled=yes - handlers: - include: "{{ handlers }}/restart_services.yml" - include: "{{ handlers }}/semanage.yml" diff --git a/roles/cloud_compute/tasks/main.yml b/roles/cloud_compute/tasks/main.yml new file mode 100644 index 0000000000..8d37b80ef4 --- /dev/null +++ b/roles/cloud_compute/tasks/main.yml 
@@ -0,0 +1,107 @@
+---
+# Configure another compute node for Fedora Cloud
+
+- authorized_key: user=root key="{{ lookup('file', files + '/fedora-cloud/fed09-ssh-key.pub') }}"
+
+- lineinfile: dest=/etc/sysconfig/network-scripts/ifcfg-eth1 regexp="^ONBOOT=" line="ONBOOT=yes"
+ notify:
+ - restart network
+- lineinfile: dest=/etc/sysconfig/network-scripts/ifcfg-eth1 regexp="^NETMASK=" line="NETMASK=255.255.255.0"
+ notify:
+ - restart network
+- lineinfile: dest=/etc/sysconfig/network-scripts/ifcfg-eth1 regexp="^IPADDR=" line="IPADDR={{compute_private_ip}}"
+ notify:
+ - restart network
+- lineinfile: dest=/etc/sysconfig/network-scripts/ifcfg-eth1 regexp="BOOTPROTO=" line="BOOTPROTO=none"
+ notify:
+ - restart network
+
+- yum: state=present name=http://rdo.fedorapeople.org/rdo-release.rpm
+
+# http://docs.openstack.org/icehouse/install-guide/install/yum/content/nova-compute.html
+- name: install the Compute packages necessary for the controller node.
+ action: yum state=present pkg={{ item }}
+ with_items:
+ - openstack-nova-compute
+ - python-novaclient
+ - openstack-utils
+- name: Set up db connection to controller
+ action: command openstack-config --set /etc/nova/nova.conf database connection mysql://nova:{{NOVA_DBPASS}}@{{controller_private_ip}}/nova
+- command: openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
+- command: openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_uri http://{{controller_private_ip}}:5000
+- command: openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_host {{controller_private_ip}}
+- command: openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_protocol http
+- command: openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_port 35357
+- command: openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_user nova
+- command: openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_tenant_name service
+- command: openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_password {{NOVA_PASS}}
+
+- command: openstack-config --set /etc/nova/nova.conf DEFAULT rpc_backend qpid
+- command: openstack-config --set /etc/nova/nova.conf DEFAULT qpid_hostname {{controller_private_ip}}
+
+- command: openstack-config --set /etc/nova/nova.conf DEFAULT my_ip {{compute_private_ip}}
+- command: openstack-config --set /etc/nova/nova.conf DEFAULT vnc_enabled True
+- command: openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_listen 0.0.0.0
+- command: openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_proxyclient_address {{compute_private_ip}}
+- command: openstack-config --set /etc/nova/nova.conf DEFAULT novncproxy_base_url http://{{controller_private_ip}}:6080/vnc_auto.html
+
+- command: openstack-config --set /etc/nova/nova.conf DEFAULT glance_host {{controller_private_ip}}
+
+- service: name=libvirtd state=started enabled=yes
+- service: name=messagebus state=started enabled=yes
+- service: name=openstack-nova-compute state=started enabled=yes
+
+# http://docs.openstack.org/icehouse/install-guide/install/yum/content/neutron-ml2-compute-node.html
+- sysctl: name=net.ipv4.conf.all.rp_filter value=0 state=present sysctl_set=yes reload=yes
+- sysctl: name=net.ipv4.conf.default.rp_filter value=0 state=present sysctl_set=yes reload=yes
+
+- name: install the Networking components
+ action: yum state=present pkg={{ item }}
+ with_items:
+ - openstack-neutron-ml2
+ - openstack-neutron-openvswitch
+
+- command: openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
+- command: openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_uri http://{{controller_private_ip}}:5000
+- command: openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_host {{controller_private_ip}}
+- command: openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_protocol http
+- command: openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_port 35357
+- command: openstack-config --set /etc/neutron/neutron.conf keystone_authtoken admin_user neutron
+- command: openstack-config --set /etc/neutron/neutron.conf keystone_authtoken admin_tenant_name service
+- command: openstack-config --set /etc/neutron/neutron.conf keystone_authtoken admin_password {{NEUTRON_PASS}}
+
+- command: openstack-config --set /etc/neutron/neutron.conf DEFAULT rpc_backend neutron.openstack.common.rpc.impl_qpid
+- command: openstack-config --set /etc/neutron/neutron.conf DEFAULT qpid_hostname {{controller_private_ip}}
+
+# uncomment if you want to debug compute instance
+#- command: openstack-config --set /etc/neutron/neutron.conf DEFAULT verbose True
+- command: openstack-config --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2
+- command: openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins router
+
+- command: openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers local,flat,gre
+- command: openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types gre
+- command: openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers openvswitch
+- command: openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_gre tunnel_id_ranges 1:1000
+- command: openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs local_ip {{compute_private_ip}}
+- command: openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs tunnel_type gre
+- command: openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs enable_tunneling True
+- command: openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
+- command: openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_security_group True
+
+- service: name=openvswitch state=started enabled=yes
+- command: ovs-vsctl --may-exist add-br br-int
+
+- command: openstack-config --set /etc/nova/nova.conf DEFAULT network_api_class nova.network.neutronv2.api.API
+- command: openstack-config --set /etc/nova/nova.conf DEFAULT neutron_url http://{{controller_private_ip}}:9696
+- command: openstack-config --set /etc/nova/nova.conf DEFAULT neutron_auth_strategy keystone
+- command: openstack-config --set /etc/nova/nova.conf DEFAULT neutron_admin_tenant_name service
+- command: openstack-config --set /etc/nova/nova.conf DEFAULT neutron_admin_username neutron
+- command: openstack-config --set /etc/nova/nova.conf DEFAULT neutron_admin_password {{NEUTRON_PASS}}
+- command: openstack-config --set /etc/nova/nova.conf DEFAULT neutron_admin_auth_url http://{{controller_private_ip}}:35357/v2.0
+- command: openstack-config --set /etc/nova/nova.conf DEFAULT linuxnet_interface_driver nova.network.linux_net.LinuxOVSInterfaceDriver
+- command: openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
+- command: openstack-config --set /etc/nova/nova.conf DEFAULT security_group_api neutron
+
+- file: src=/etc/neutron/plugins/ml2/ml2_conf.ini dest=/etc/neutron/plugin.ini state=link
+
+- service: name=neutron-openvswitch-agent state=started enabled=yes
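Review bot: The four tasks that set `{{NOVA_DBPASS}}`, `{{NOVA_PASS}}` and `{{NEUTRON_PASS}}` hand the secret to `command: openstack-config --set …` as an argument, so it is visible in the node's process list while the task runs and in Ansible's task output and logs. Now that the tasks live in a shared role, this is a good point to fix that. Writing those values with `ini_file` in dictionary form plus `no_log: true`, as sketched below, keeps them off the command line and out of the logs, avoids argument splitting if a password contains a space, and reports `changed` only when a value actually changes. Separately, `yum: state=present name=http://rdo.fedorapeople.org/rdo-release.rpm` installs a repository-defining package fetched over plain HTTP, which yum may not signature-check when the package is given by URL. Fetching it over HTTPS or from an internal mirror would close that gap.

```yaml
# … unchanged: authorized_key, ifcfg-eth1 and package tasks …
- name: Set up db connection to controller
  ini_file:
    dest: /etc/nova/nova.conf
    section: database
    option: connection
    value: "mysql://nova:{{NOVA_DBPASS}}@{{controller_private_ip}}/nova"
  no_log: true
# … unchanged: other keystone_authtoken settings in nova.conf …
- name: set the nova service password
  ini_file:
    dest: /etc/nova/nova.conf
    section: keystone_authtoken
    option: admin_password
    value: "{{NOVA_PASS}}"
  no_log: true
# … unchanged: remaining nova.conf settings, services, neutron packages …
- name: set the neutron service password
  ini_file:
    dest: /etc/neutron/neutron.conf
    section: keystone_authtoken
    option: admin_password
    value: "{{NEUTRON_PASS}}"
  no_log: true
# … unchanged: ml2 and Open vSwitch settings …
- name: set the neutron password used by nova
  ini_file:
    dest: /etc/nova/nova.conf
    section: DEFAULT
    option: neutron_admin_password
    value: "{{NEUTRON_PASS}}"
  no_log: true
```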